NetBSD Problem Report #42380
From www@NetBSD.org Thu Nov 26 07:07:27 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id A5E1C63B8CD
for <gnats-bugs@gnats.netbsd.org>; Thu, 26 Nov 2009 07:07:27 +0000 (UTC)
Message-Id: <20091126070727.48D1B63B8B4@www.NetBSD.org>
Date: Thu, 26 Nov 2009 07:07:27 +0000 (UTC)
From: perseant@hhhh.org
Reply-To: perseant@hhhh.org
To: gnats-bugs@NetBSD.org
Subject: nss_ldap + pam_ldap + sshd = hang, *unless* you type the wrong password first
X-Send-Pr-Version: www-1.0
>Number: 42380
>Category: pkg
>Synopsis: nss_ldap + pam_ldap + sshd = hang, *unless* you type the wrong password first
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 26 07:10:00 +0000 2009
>Originator: Konrad Schroder
>Release: 5.0_STABLE
>Organization:
University of Washington
>Environment:
NetBSD gro.hhhh.org 5.0_STABLE NetBSD 5.0_STABLE (XEN3_DOMU) #1: Wed Nov 25 12:51:22 PST 2009 perseant@gro.hhhh.org:/usr/obj/sys/arch/amd64/compile.amd64/XEN3_DOMU amd64
>Description:
I've been debugging a curious problem with an LDAP-enabled system: LDAP users are correctly authenticated by PAM, but after they are authenticated the child process of sshd hangs forever. This does *not* happen, however, if they first mistype their password. After typing their password a second time they are logged in without difficulty.
>How-To-Repeat:
Follow the steps outlined on http://wiki.netbsd.se/OpenLDAP_Authentication_on_NetBSD. Try to log in, as a user defined in LDAP, using ssh.
>Fix:
The only thing I've found that worked, curiously, was to disable pthread_at_fork in the nss_ldap package. I can't tell you why that would possibly do anything (I ran across it on the web, and tried it only out of desperation) but I can provide a crude patch that fixes the problem neatly on my systems:
Index: patches/patch-ah
===================================================================
RCS file: patches/patch-ah
diff -N patches/patch-ah
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ah 26 Nov 2009 06:53:26 -0000
@@ -0,0 +1,11 @@
+--- ldap-nss.c.old 2009-11-25 22:47:25.000000000 -0800
++++ ldap-nss.c 2009-11-25 22:48:35.000000000 -0800
+@@ -23,6 +23,8 @@
+
+ #include "config.h"
+
++#undef HAVE_PTHREAD_ATFORK
++
+ #ifdef HAVE_PORT_BEFORE_H
+ #include <port_before.h>
+ #endif
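Review bot: the `#undef HAVE_PTHREAD_ATFORK` added directly after `#include "config.h"` in ldap-nss.c is unconditional and uncommented, so everything in that file guarded by `HAVE_PTHREAD_ATFORK` is compiled out whatever configure detected, and nothing records why. Since the report says the reason this helps is unknown, the patch should at least carry a comment citing PR pkg/42380 and the sshd hang it works around. It would also be better to limit the override to the affected platform (for example inside `#ifdef __NetBSD__`) than to apply it globally. The new patches/patch-ah also starts straight at the `--- ldap-nss.c.old` line, with no header comment describing the change, which makes it hard to revisit once the underlying cause of the post-authentication hang is understood.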